Still Downloading Shady Porn Apps? New Android Ransomware Changes Lock Screen PIN

Researchers from security firm ESET have discovered a type of ransomware which changes the lock screen PIN of an Android device.

The malware masks itself as the Porn Droid app, selling itself as an adult content viewer. The app can only be downloaded from third-party Android app stores or pirated software forums, and users that do so regret that they decided to download and install a shady porn app.

Known as the Android Lockerpin, the ransomware is the first known lock-screen-type ransomware for Android. Previous kinds of ransomware brought up the ransom message to the device's screen in an infinite loop to keep the user locked out, but that can be circumvented by using the Android Debug Bridge or by deactivating administrator rights and then uninstalling the ransomware while in safe mode.

Lockerpin, however, by changing the lock screen PIN, blocks users that have no root privileges or have no security apps installed from gaining any form of access to their device. The only choices for users are to give in to the ransom or to perform a factory reset, which would erase all the contained data of the device.

In addition, Lockerpin is able to acquire and maintain administrator rights to prevent it from being uninstalled from the device, with ESET stating that this is the first time that it has seen such an aggressive behavior on Android malware. In addition, the malware has been coded to attempt to take out mobile antivirus apps Avast, Dr. Web, and ESET's own Mobile Security.

The ransomware requires administrator rights to be able to carry out its plan, and the victim unknowingly gives it such power over the device. This is because upon running the app, Porn Droid will ask users to click on a button to activate it. However, the button masks another button which, when tapped, provides administrator privileges to the app.

Users are then greeted with a supposed FBI warning that they have attempted to view prohibited pornography. The message also demands that the user pay $500 within the next three days, as the device is locked with the PIN for the lock screen changed.

The evolution of ransomware, both in prevalence and the damage that these apps can do, is why users should never be tempted to install apps from unofficial app stores. Recently, another piece of ransomware masquerading as a porn app was discovered. The app takes a picture of the user and displays it while demanding for a $500 ransom.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics